firecrawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly states Firecrawl "is a web scraping tool that extracts data from websites" and describes using Membrane proxy/requests and action runs to retrieve Firecrawl data (see "Firecrawl Overview" and "Proxy requests"), so the agent will ingest arbitrary public website content that could influence subsequent actions.